Lizzie Clark

December 17th – This Week’s Top Cybersecurity and Dark Web Stories

This week’s cybersecurity and dark web news stories cover OpenAI’s warning that its advanced AI models pose cybersecurity risks, the French government confirming a breach of its Interior Ministry’s e-mail servers, and four newly identified advanced phishing kits.

AI Advancements Bring ‘High’ Cybersecurity Risk

OpenAI, the creator of ChatGPT, issued a stark warning on Wednesday, December 10, regarding the escalating cybersecurity risks posed by its rapidly advancing artificial intelligence models. The company cautioned in a blog post that its upcoming AI systems could present a “high” risk to global security.

The primary concerns center on the models’ potential to be weaponized. Specifically, the models could become capable of developing working zero-day remote exploits against well-defended systems. Beyond automated attacks, the models might also be used to assist with highly complex enterprise or industrial intrusion operations that could have significant real-world consequences.

To proactively counter these risks, the Microsoft-backed company is implementing a multi-faceted strategy. OpenAI stated it is “investing in strengthening models for defensive cybersecurity tasks and creating tools that enable defenders to more easily perform workflows such as auditing code and patching vulnerabilities.”

The company’s defense strategy is based on several core pillars: a mix of access controls, infrastructure hardening, robust egress controls, and continuous monitoring.

Looking ahead, OpenAI plans to introduce a new program to provide qualifying users and customers working in cyber defense with tiered access to enhanced AI capabilities. Additionally, it is establishing the Frontier Risk Council, an advisory group designed to foster close collaboration between experienced cyber defenders, security practitioners, and its own development teams. The council will initially focus on cybersecurity before expanding its remit into other frontier capability domains.

French Interior Ministry E-mail Servers Breached in Cyberattack

The French Interior Minister confirmed on Friday, December 12, that the Ministry of the Interior had been subjected to a cyberattack that compromised its e-mail servers. The attack, detected overnight between Thursday, December 11, and Friday, December 12, gave the threat actors access to some document files.

In immediate response to the breach, the ministry implemented its “usual protection procedures,” which include tightening security protocols and strengthening access controls for the information systems used by its personnel.

French authorities have launched an investigation to determine the origin and scope of the incident. Interior Minister Laurent Nuñez stated that investigators are currently examining multiple possibilities, including:

  • Foreign interference
  • Activists aiming to expose government system vulnerabilities
  • Cybercrime

The Minister, whose ministry oversees police forces and internal security, noted that the high-value nature of the target makes it attractive to state-sponsored hackers and cybercriminals.

While no official attribution has been made, threat actors associated with the BreachForums cybercrime forum brand have claimed responsibility for the attack, presenting it as a publicity stunt to promote the forum’s reopening. In addition to sending e-mails announcing the forum’s return from an interieur.gouv.fr address, the attackers claim to have accessed data on more than 16 million individuals held in criminal records and wanted-persons databases. They gave the French government a one-week deadline to contact them, after which they threatened to leak the allegedly stolen data. The claims remain unverified, and the ministry has not confirmed that any such databases were accessed.

Four New Phishing Kits Emerge to Steal Credentials at Scale

Cybersecurity researchers have identified four new advanced phishing kits – BlackForce, GhostFrame, InboxPrime AI, and Spiderman – all designed to facilitate credential theft at a massive scale.

BlackForce: A kit sold on Telegram that uses Man-in-the-Browser (MitB) attacks to bypass multi-factor authentication (MFA) and steal credentials for more than 11 major brands.

GhostFrame: A stealthy kit that hides its malicious login page within an embedded iframe to steal Microsoft 365 and Google account credentials, using constantly changing subdomains for evasion.

InboxPrime AI: This malware-as-a-service (MaaS) leverages AI to automate mass-mailing campaigns, generating convincing phishing emails that mimic real human behavior and bypass traditional filters.

Spiderman: A full-stack framework that creates pixel-perfect replicas of dozens of European bank login pages and government portals, specifically targeting OTP, PhotoTAN codes, and credit card data.

In addition to these, a new Salty-Tycoon hybrid phishing kit has been observed, combining the execution chains of the Salty 2FA and Tycoon 2FA kits to evade existing detection rules written for either one.
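The GhostFrame description above (a real-looking page whose login form actually lives in an iframe served from a throwaway, constantly rotating subdomain) lends itself to a simple triage check. The following is an added example written for this page, not code from GhostFrame, from the researchers who reported it, or from the original article. It parses a page with the standard library only, pulls out every iframe source, and flags those whose host is cross-origin to the page and whose leftmost DNS label looks machine-generated (long, digit-bearing, high character entropy). The sample HTML, the page URL and every hostname in it are constructed for the example; the entropy and length thresholds are assumptions to tune against your own traffic.

```python
"""
Added example (not GhostFrame's code or the article's): offline triage for a
login page whose form is loaded from a cross-origin iframe on a random-looking
subdomain. All hostnames and the sample page below are constructed.
"""
import math
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the src attribute of every <iframe> in an HTML document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def shannon_entropy(label: str) -> float:
    """Bits of entropy per character of a DNS label; random labels score high."""
    if not label:
        return 0.0
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Adequate for the constructed hosts here;
    a production check should use the Public Suffix List instead."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def looks_random(label: str, min_len: int = 10, min_entropy: float = 3.2) -> bool:
    """Heuristic (assumed thresholds): long label, digits mixed in, high entropy."""
    has_digit = any(ch.isdigit() for ch in label)
    return len(label) >= min_len and has_digit and shannon_entropy(label) >= min_entropy


def find_suspicious_iframes(page_url: str, html: str) -> list[dict]:
    """Return iframes that are cross-origin to the page AND sit on a
    random-looking subdomain, the pattern described for GhostFrame."""
    collector = IframeCollector()
    collector.feed(html)
    page_domain = registrable_domain(urlparse(page_url).hostname or "")
    findings = []
    for src in collector.srcs:
        host = urlparse(src).hostname
        if not host:
            continue  # relative or data: src is same-origin content; not this pattern
        cross_origin = registrable_domain(host) != page_domain
        leftmost = host.lower().split(".")[0]
        if cross_origin and looks_random(leftmost):
            findings.append({
                "src": src,
                "host": host,
                "cross_origin": cross_origin,
                "subdomain_entropy": round(shannon_entropy(leftmost), 2),
            })
    return findings


# Constructed sample: an outer "document sharing" page that frames a fake
# Microsoft 365 login from a throwaway subdomain, plus two benign iframes.
SAMPLE_PAGE_URL = "https://secure-docs-review.example/view"
SAMPLE_HTML = """
<html><body>
<div>Sign in to view the shared document</div>
<iframe src="https://a7x9q2kd83m.ghost-cdn-example.net/o365/login.html"
        style="border:0;width:100%;height:600px"></iframe>
<iframe src="/static/footer.html"></iframe>
<iframe src="https://www.video-embed-example.com/embed/abc"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for hit in find_suspicious_iframes(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"suspicious iframe: {hit['host']} (entropy {hit['subdomain_entropy']})")
```

Only the first iframe is reported: the relative footer has no host, and the embed host’s leftmost label (`www`) is neither long nor random. Because the kit rotates subdomains, matching on the exact hostname is futile; the registrable domain and the shape of the label are what persist across campaigns, so those are what to alert on.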